The infamous Shadow Brokers are back with their promised TheShadowBrokers Dump Service – September 2017 and released

UNITEDRAKE-Collective Intelligence

UNITEDRAKE is a modular malware described as a “fully extensible remote collection system designed for Windows targets.”

Able to compromise Windows PCs running on XP, Windows Server 2003 and 2008, Vista, Windows 7 SP 1 and below, as well as Windows 8 and Windows Server 2012, the attack tool acts as a service to capture information, with clients planted on target machines that send information to a server over the internet.

The existence of UNITEDRAKE first came to light in 2013 as part of a series of classified NSA documents leaked by Edward Snowden and in a catalog of NSA hacking tools leaked by a second source, which revealed it was used by the NSA alongside other pieces of malware to infect millions of computers around the world.

By using “plugins”, UNITEDRAKE can perform tasks including listening in on and monitoring communications, capturing keystrokes, webcam and microphone usage, impersonating users, stealing diagnostic information and self-destructing once its tasks are completed.


  • CAPTIVATEDAUDIENCE is for recording conversations via the infected computer’s microphone.
  • GUMFISH is for covertly taking control of a computer’s webcam and snapping photographs.
  • FOGGYBOTTOM is for exfiltrating Internet data such as browsing histories, login details and passwords.
  • GROK is a keylogger Trojan for capturing keystrokes.
  • SALVAGERABBIT is for accessing data on removable flash drives that connect to the infected computer.

Targeted machines include:

  • Windows XP
  • Windows Server 2003
  • Windows Server 2008
  • Windows Vista
  • Windows 7 SP 1
  • Windows 8
  • Windows Server 2012